Buffer Overflow Vulnerability in Boa Webserver by <Vendor Name>
CVE-2016-9564

7.5HIGH

Key Information:

Vendor: Boa
Status: Boa
Vendor: CVE Published:; 30 November 2016

What is CVE-2016-9564?

A buffer overflow vulnerability within the send_redirect() function of Boa Webserver version 0.92r enables remote attackers to cause denial of service (DoS) by making an HTTP GET request. This request can be manipulated to include long URIs composed only of '/' and '.' characters, potentially disrupting service availability.

References

http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-o...

x_refsource_MISC

http://www.securityfocus.com/bid/94599

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2016
Vulnerability Reserved
Nov 22, 2016